- 下载官方 nginx 版本
wget -O ingress-deploy.yaml https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.2/deploy/static/provider/cloud/deploy.yaml
- 修改下载后的ingress-deploy.yaml
vim ingress-deploy.yaml
- 增加行 replicas: 2 副本数
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ingress-nginx-3.10.1
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.41.2
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
revisionHistoryLimit: 10
minReadySeconds: 0
replicas: 2
template:
- 修改镜像为国内镜像
增加行 hostNetwork: true
image: pollyduan/ingress-nginx-controller:v0.41.2
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
spec:
hostNetwork: true
dnsPolicy: ClusterFirst
containers:
- name: controller
image: pollyduan/ingress-nginx-controller:v0.41.2
#image: k8s.gcr.io/ingress-nginx/controller:v0.41.2@sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
-
节点服务器上添加标签 和 ingress-deploy.yaml 中保持一致否则部署时会出现错误
root@master:/home/ljy/桌面# kubectl label nodes master ingress-ready=true
node/master labeled
root@master:/home/ljy/桌面# kubectl label nodes master kubernetes.io/os=linux --overwrite
node/master not labeled
- 部署 ingress-deploy.yaml
root@master:/home/ljy/桌面# kubectl apply -f ingress-deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
- 查看运行情况
kubectl get pod,service -n ingress-nginx -o wide
root@master:/home/ljy/桌面# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-9f64489f5-7pvwf 1/1 Running 3 3d1h
root@master:/home/ljy/桌面# kubectl get pod,service -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/ingress-nginx-controller-9f64489f5-7pvwf 1/1 Running 3 3d1h 10.0.2.15 master
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/ingress-nginx-controller LoadBalancer 10.103.52.62 80:30074/TCP,443:31737/TCP 3d1h app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
service/ingress-nginx-controller-admission ClusterIP 10.97.102.169 443/TCP 3d1h app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
如果pod状态有异样请使用kubectl describe pod pod名称 -n ingress-nginx 查看详情
kubectl describe pod ingress-nginx-controller-9f64489f5-7pvwf -n ingress-nginx
- 解析域名
vim /etc/hosts
10.0.2.15 cloud-test.com
- 编写请求转发规则
vim nginx-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
namespace: cloud # 命名空间和代理的serviceName 所属命名空间保存一致,否则访问是会出现503错误
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
# 开启use-regex,启用path的正则匹配
nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
rules:
- host: cloud-test.com # 域名
http:
paths:
- path: /common
backend:
# 注册的服务名称
serviceName: cloud-communal-service
# 服务端口
servicePort: 18080
- 启动规则
kubectl apply -f nginx-ingress.yaml
root@master:/home/ljy/桌面# kubectl apply -f nginx-ingress.yaml
Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.networking.k8s.io/nginx-ingress created
- 进入容器查看nginx配置信息
kubectl exec -it ingress-nginx-controller-9f64489f5-7pvwf -n ingress-nginx -- /bin/bash
bash-5.0$ cat nginx.conf | grep -A 30 cloud-test.com
证明 ingress-controller Pod 里面 nginx 配置已经生效了
- 查看 ingress service
kubectl get service -o wide -n ingress-nginx
root@master:/home/ljy/桌面# kubectl get service -o wide -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
ingress-nginx-controller LoadBalancer 10.103.52.62 80:30074/TCP,443:31737/TCP 3d1h app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
ingress-nginx-controller-admission ClusterIP 10.97.102.169 443/TCP 3d1h app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
我们可以看到对外暴露了 31391 端口,访问任何节点的 31391 端口即可访问到 Pod服务。
但该端口是随机的,并且重建后会变化,我们可以直接访问运行 ingress-controller Pod 的 80 端口。
- 测试
root@master:/home/ljy/桌面# curl cloud-test.com:18080
{"status":200,"message":"请查看API文档","data":null,"extend":null,"timestamp":"2020-12-21 08:40:46","success":true,"total":null,"description":null}
root@master:/home/ljy/桌面# curl cloud-test.com/common
{"status":200,"message":"请查看API文档","data":null,"extend":null,"timestamp":"2020-12-21 08:40:46","success":true,"total":null,"description":null}
- 查看端点endpoint
kubectl get endpoints --all-namespaces
root@master:/home/ljy/桌面# kubectl get endpoints --all-namespaces
NAMESPACE NAME ENDPOINTS AGE
cloud cloud-communal-service 10.0.2.15:18080 33m
default kubernetes 10.0.2.15:6443 11d
ingress-nginx ingress-nginx-controller 10.0.2.15:443,10.0.2.15:80 3d1h
ingress-nginx ingress-nginx-controller-admission 10.0.2.15:8443 3d1h
kube-system kube-controller-manager 11d
kube-system kube-dns 10.244.0.47:53,10.244.0.48:53,10.244.0.47:53 + 3 more... 11d
kube-system kube-scheduler 11d
如果没有 serviceName: cloud-communal-service 端点,访问cloud-test.com/common就会报503 服务不可用